Yes, but both peers must have the same lifetimes.

Check DPD too:

Dead Peer Detection: Enable
Delay between requesting peer acknowledgement: 10 Seconds
Number of consecutive failures allowed before disconnect: 5 retries

These are good values for both peers.

Atte.,
Antonio Cortés Alhambra

-----Original Message-----
From: Adam Piasecki [mailto:apiase...@midatlanticbb.com]
Sent: Tuesday, April 03, 2012 12:05 PM
To: antonio.cor...@incatel.cl; pfSense support and discussion
Subject: Re: [pfSense] IPSec Tunnel Negotiation?

Okay, I will. Is this having the effect of dropping the tunnel? I never catch it when it's down, so I don't know.

Adam

On 4/3/2012 10:59 AM, Antonio Cortes Alhambra (INCATEL) wrote:
> Swap these lifetimes
>
> Phase 1 - 28800 seconds
>
> Phase 2 - 3600 seconds
>
> Phase 1 lifetime must be greater than phase 2 lifetime.
>
> These values are OK
> :)
>
> Regards
>
> Atte.,
> Antonio Cortés Alhambra
>
> -----Original Message-----
> From: Adam Piasecki [mailto:apiase...@midatlanticbb.com]
> Sent: Tuesday, April 03, 2012 11:43 AM
> To: antonio.cor...@incatel.cl
> Cc: 'pfSense support and discussion'
> Subject: Re: [pfSense] IPSec Tunnel Negotiation?
>
> Phase 1 - 3600 seconds
> Phase 2 - 28800 seconds
>
> On 4/3/2012 10:37 AM, Antonio Cortes Alhambra (INCATEL) wrote:
>> What is your (and your peer's) Key Life Time Limit in phase 1 and phase 2?
>>
>> Atte.,
>> Antonio Cortés Alhambra
>>
>> -----Original Message-----
>> From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org]
>> On Behalf Of Adam Piasecki
>> Sent: Tuesday, April 03, 2012 11:11 AM
>> To: pfSense support and discussion
>> Subject: [pfSense] IPSec Tunnel Negotiation?
>>
>> The IPSec Tunnel works great, but I was wondering about the following
>> message. Seems to be happening every hour or so. Just wondering if it
>> has any negative effects (tunnel dropping, dropped packets, etc.)
>>
>> Apr 3 07:54:43 racoon: [XXXX]: INFO: ISAKMP-SA established
>> 1.1.1.1[500]-1.1.1.1[500] spi:aaf2be14269bf3c9:3429812c9d3a2775
>> Apr 3 07:54:43 racoon: [XXXX]: INFO: respond new phase 1
>> negotiation: 1.1.1.1[500]<=>1.1.1.1[500]
>> Apr 3 07:18:42 racoon: [XXXX]: INFO: ISAKMP-SA deleted
>> 1.1.1.1[500]-1.1.1.1[500] spi:fcdef781c8f072a2:d572f427235b4d7d
>> Apr 3 07:18:42 racoon: [XXXX]: INFO: ISAKMP-SA expired
>> 1.1.1.1[500]-1.1.1.1[500] spi:fcdef781c8f072a2:d572f427235b4d7d
>>
>

--
Adam M Piasecki
MidAtlanticBroadband
Office: 410-727-8250 x 123
Cell: 940-224-4837
Fax: 410-727-8245
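
Added example, not part of the original thread and not pfSense or racoon code: one way to read racoon lines in the format quoted above and report how long each phase 1 (ISAKMP) SA lived and whether the log shows a span with no live phase 1 SA, which is the question the thread raises about the hourly messages. The function names, the assumed year, and the sample lines (documentation addresses, made-up SPIs) are constructed for illustration; SAs established before the first log line are not tracked.

```python
import re
from datetime import datetime

# Phase 1 lifecycle lines in the racoon format quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+racoon:.*?"
    r"ISAKMP-SA (?P<event>established|expired|deleted)\s+\S+\s+"
    r"spi:(?P<spi>[0-9a-f]{16}:[0-9a-f]{16})")

def parse_events(lines, year=2012):
    """Return (time, event, spi) tuples, oldest first. Syslog omits the year."""
    events = []
    for m in filter(None, (LINE_RE.match(l.strip()) for l in lines)):
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["event"], m["spi"]))
    return sorted(events, key=lambda e: e[0])

def sa_lifetimes(events):
    """Seconds each SPI lived, from 'established' to 'expired'."""
    born, lived = {}, {}
    for ts, event, spi in events:
        if event == "established":
            born[spi] = ts
        elif event == "expired" and spi in born:
            lived[spi] = int((ts - born[spi]).total_seconds())
    return lived

def uncovered_windows(events):
    """(start, end) spans with no live ISAKMP SA among those seen established."""
    live, gap_start, gaps = set(), None, []
    for ts, event, spi in events:
        if event == "established":
            if not live and gap_start is not None and ts > gap_start:
                gaps.append((gap_start, ts))
            live.add(spi)
            gap_start = None
        elif spi in live:  # first of expired/deleted ends the SA
            live.discard(spi)
            if not live:
                gap_start = ts
    return gaps

# Constructed sample (documentation addresses, made-up SPIs), newest first.
SAMPLE = """\
Apr  3 09:00:05 racoon: [tun]: INFO: ISAKMP-SA established 192.0.2.1[500]-198.51.100.2[500] spi:3333333333333333:4444444444444444
Apr  3 08:59:50 racoon: [tun]: INFO: ISAKMP-SA deleted 192.0.2.1[500]-198.51.100.2[500] spi:1111111111111111:2222222222222222
Apr  3 08:59:50 racoon: [tun]: INFO: ISAKMP-SA expired 192.0.2.1[500]-198.51.100.2[500] spi:1111111111111111:2222222222222222
Apr  3 07:59:50 racoon: [tun]: INFO: ISAKMP-SA established 192.0.2.1[500]-198.51.100.2[500] spi:1111111111111111:2222222222222222
""".splitlines()
```

Comparing the values from `sa_lifetimes(parse_events(SAMPLE))` with the configured phase 1 lifetime shows whether the hourly messages are ordinary lifetime expiry; `uncovered_windows` only describes phase 1 and says nothing about phase 2 traffic.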